Which anomaly detection policy should you use?
Topic 3, Misc. Questions
You need to receive a security alert when a user attempts to sign in from a location that was never used by the other users in your organization to sign in.
Which anomaly detection policy should you use?
A . Impossible travel
B. Activity from anonymous IP addresses
C. Activity from infrequent country
D. Malware detection
Answer: C
Explanation:
Activity from a country/region that could indicate malicious activity. This policy profiles your environment and triggers alerts when activity is detected from a location that was not recently or was never visited by any user in the organization. Activity from the same user in different locations within a time period that is shorter than the expected travel time between the two locations. This can indicate a credential breach, however, it’s also possible that the user’s actual location is masked, for example, by using a VPN.
Reference: https://docs.microsoft.com/en-us/cloud-app-security/anomaly-detection-policy
Latest SC-200 Dumps Valid Version with 75 Q&As
Latest And Valid Q&A | Instant Download | Once Fail, Full Refund